Generators & Utilities

Hash Generator

Generate cryptographic hashes of any text in five common algorithms at once: MD5, SHA-1, SHA-256, SHA-384, and SHA-512. The hashes update live as you type, and each has a copy button. The SHA family uses your browser's built-in Web Crypto engine and MD5 uses a compact local implementation, so everything runs on your device and nothing is uploaded.

SHA hashes use your browser's built-in Web Crypto (crypto.subtle); MD5 uses a compact inline implementation. Everything runs locally — nothing is uploaded. MD5 and SHA-1 are fine for checksums but should not be used for password storage or security.

What a hash is

A hash function takes any input — a word, a paragraph, or an entire file — and produces a fixed-length string of hexadecimal characters called a digest. The same input always yields the same digest, but even a one-character change produces a completely different result, and the process is one-way: you cannot reverse a digest back into the original text. Hashes are the workhorses of computing, used for verifying downloads, indexing data, detecting changes, and storing password verifiers.

The algorithms explained

MD5 and SHA-1 produce shorter digests (128 and 160 bits) and are fast, which makes them fine for non-security tasks like checksums and cache keys — but both are cryptographically broken and must never be used for security. The SHA-2 family — SHA-256, SHA-384, and SHA-512 — is current and secure; SHA-256 is the standard choice for file integrity, digital signatures, and blockchain, while the larger variants offer extra margin. Seeing all five side by side makes it easy to match whatever a website, tool, or specification asks for.

How this tool computes them

The SHA hashes are calculated with crypto.subtle, the browser's native Web Crypto API, which is fast and audited. MD5 is not part of Web Crypto, so this tool includes a compact, self-contained MD5 implementation that runs locally. Both approaches keep computation on your device — there is no server call — and the results are byte-for-byte identical to what command-line tools like sha256sum or md5 would produce for the same input.

Common uses

The most common use is verifying file integrity: a download page publishes a SHA-256 hash, you hash the file you received, and matching digests prove nothing was corrupted or tampered with in transit. Developers use hashes as unique keys, cache identifiers, and change-detection fingerprints. You can also hash a string to see how these functions behave, or to compare two pieces of text for an exact match without revealing their contents. Note that this tool hashes text you type, which is ideal for strings and checksummable values.

Security notes

Two cautions matter. First, never store passwords with plain MD5, SHA-1, or even raw SHA-256 — password storage requires a slow, salted algorithm like bcrypt, scrypt, or Argon2 specifically designed to resist brute force. Second, treat MD5 and SHA-1 as suitable only for non-adversarial checksums, not for anything where an attacker might try to forge a match. Everything here runs in your browser, so the text you hash is never transmitted or logged and stays private to your device.

FAQ

Which hash algorithms does this support?

MD5, SHA-1, SHA-256, SHA-384, and SHA-512, all computed at once from the same input so you can copy whichever one you need.

Can I use this to store passwords?

No. Plain MD5, SHA-1, and even raw SHA-256 are unsuitable for passwords. Use a slow, salted algorithm like bcrypt, scrypt, or Argon2 for password storage instead.

Are MD5 and SHA-1 safe to use?

Only for non-security purposes like checksums, cache keys, or deduplication. Both are cryptographically broken, so never rely on them where an attacker could try to forge a matching hash.

How do I verify a downloaded file?

Hash the same content the download page published, then compare. If the SHA-256 digests match exactly, the file arrived intact and untampered. This tool hashes text, matching command-line tools byte for byte.

Is my text uploaded to compute the hash?

No. SHA hashes use the browser's Web Crypto API and MD5 uses a local implementation. Everything runs on your device, so nothing is transmitted or stored.

More free tools